Contents

Purchase

Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.
Purchase the PogoPlug Mobile at Amazon

Disassembly

UART

The pin-out for UART can be found on the image below.

GPL

Gaining Root

The PogoPlug has an open bootloader and its kernel drops to a root shell making this a very open device. On top of that a user is also able to enable a SSHD server if they visit My.PogoPlug.com and enable it. Enabling SSHD not only sets dropbear to start on boot but also forces the user to change the root password. This however is only offered if a user opts to setup SSHD.

This leaves a lot of users with a default root password, but seemingly without any services running that could use it.

Lucky for us a diagnostic page runs on every pogoplug and can be accessed at:

https://IP-OF-POGOPLUG-MOBILE/sqdiag/

This diagnostic pages uses the root credentials as its login/password.

After accessing this diagnostic page you will need to access the hidden command execution portion. This can be access by visiting the following URL: